ReportizFlow
Filtered by vendor Apache
Subscriptions
Filtered by product Http Server
Subscriptions
Total
351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1237 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods. | ||||
| CVE-2004-0113 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Linux | 2026-04-16 | N/A |
| Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. | ||||
| CVE-1999-1053 | 2 Apache, Matt Wright | 2 Http Server, Matt Wright Guestbook | 2026-04-16 | N/A |
| guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". | ||||
| CVE-1999-0236 | 2 Apache, Illinois | 2 Http Server, Ncsa Httpd | 2026-04-16 | 7.5 High |
| ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | ||||
| CVE-2005-3357 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2026-04-16 | N/A |
| mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. | ||||
| CVE-2006-4110 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. | ||||
| CVE-2005-3352 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Network Proxy and 2 more | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. | ||||
| CVE-1999-0107 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. | ||||
| CVE-1999-0070 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| test-cgi program allows an attacker to list files on the server. | ||||
| CVE-1999-0067 | 2 Apache, Ncsa | 2 Http Server, Ncsa Httpd | 2026-04-16 | N/A |
| phf CGI program allows remote command execution through shell metacharacters. | ||||
| CVE-1999-0045 | 2 Apache, Netscape | 4 Http Server, Commerce Server, Communications Server and 1 more | 2026-04-16 | N/A |
| List of arbitrary files on Web host via nph-test-cgi script. | ||||
| CVE-2003-0245 | 2 Apache, Redhat | 2 Http Server, Linux | 2026-04-16 | N/A |
| Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors. | ||||
| CVE-2004-0940 | 7 Apache, Hp, Openpkg and 4 more | 9 Http Server, Hp-ux, Openpkg and 6 more | 2026-04-16 | 7.8 High |
| Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | ||||
| CVE-2004-0811 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. | ||||
| CVE-2002-0240 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. | ||||
| CVE-2004-0809 | 8 Apache, Debian, Gentoo and 5 more | 12 Http Server, Debian Linux, Linux and 9 more | 2026-04-16 | N/A |
| The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. | ||||
| CVE-2004-0492 | 6 Apache, Hp, Ibm and 3 more | 8 Http Server, Virtualvault, Vvos and 5 more | 2026-04-16 | N/A |
| Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. | ||||
| CVE-2003-1418 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). | ||||
| CVE-2003-0993 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. | ||||
| CVE-2001-0729 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters. | ||||